diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index a00924904b..34c6838c03 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -5,6 +5,7 @@ * xref:migration-7/index.adoc[Preparing for 7.0] ** xref:migration-7/configuration.adoc[Configuration] * xref:migration/index.adoc[Migrating to 6.2] +** xref:migration/authorization.adoc[Authorization Changes] * xref:getting-spring-security.adoc[Getting Spring Security] * xref:features/index.adoc[Features] ** xref:features/authentication/index.adoc[Authentication] diff --git a/docs/modules/ROOT/pages/migration/authorization.adoc b/docs/modules/ROOT/pages/migration/authorization.adoc new file mode 100644 index 0000000000..031c8a8bfb --- /dev/null +++ b/docs/modules/ROOT/pages/migration/authorization.adoc @@ -0,0 +1,24 @@ += Authorization Changes + +The following sections relate to how to adapt to changes in the authorization support. + +== Method Security + +[[compile-with-parameters]] +=== Compile With `-parameters` + +Spring Framework 6.1 https://github.com/spring-projects/spring-framework/issues/29559[removes LocalVariableTableParameterNameDiscoverer]. +This affects how `@PreAuthorize` and other xref:servlet/authorization/method-security.adoc[method security] annotations will process parameter names. +If you are using method security annotations with parameter names, for example: + +[source,java] +.Method security annotation using `id` parameter name +---- +@PreAuthorize("@authz.checkPermission(#id, authentication)") +public void doSomething(Long id) { + // ... +} +---- + +You must compile with `-parameters` to ensure that the parameter names are available at runtime. +For more information about this, please visit the https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#core-container[Upgrading to Spring Framework 6.1 page]. diff --git a/docs/modules/ROOT/pages/migration/index.adoc b/docs/modules/ROOT/pages/migration/index.adoc index be9f6b3a9a..3f7954e7d6 100644 --- a/docs/modules/ROOT/pages/migration/index.adoc +++ b/docs/modules/ROOT/pages/migration/index.adoc @@ -15,3 +15,9 @@ Next, you should ensure you are on the latest patch release of Spring Security 6 Typically, the latest patch release of Spring Boot uses the latest patch release of Spring Security. With those two steps complete, you can now update to Spring Security 6.2. + +== Quick Reference + +The following list provide a quick reference for the changes that are described in this guide. + +- xref:migration/authorization.adoc#compile-with-parameters[You are using method parameter names in `@PreAuthorize`, `@PostAuthorize`, or any other method security annotations]